Use cases for different AuthorizedKeysCommand and AuthorizedKeysFile orders

Jochen Bern Jochen.Bern at
Wed Jul 21 19:09:12 AEST 2021

On 20.07.21 12:50, Xiaoguang WANG wrote:
> * The authorized_keys file is only used for emergency use.
> * Every login is checked by authorized keys command (it can use other
> servers to auth through the network), and the command can return
> "force nologin" to disable the keys in authorized_keys.
> * In emergency cases (e.g., network failure, or command corruption), the
> emergency key in authorized_keys can still be used to recover the
> system.

I don't know how much effort OpenSSH spends on making the
AuthorizedKeysCommand API failsafe, but just on general principle,
*shouldn't* an AuthorizedKeysFile "for emergencies" be considered
*before* an AuthorizedKeysCommand that may be affected (indefinite
hang?) by said emergency?

Otherwise: You IMHO could point AuthorizedKeysFile to an empty file and
replace the current AuthorizedKeysCommand by something like

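#!/bin/sh
F=/path/to/emergency_authorized_keys   # placeholder: the emergency key file
/the/original/AuthorizedKeysCommand "$@"
X=$?                                    # assumed: exit status of the original command
if [ -r "$F" ]; then
   cat "$F"
   exit $X
else
   logger "Emergency config $F is missing or unreadable!!"
   exit 1
fi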

to get the order you want. (Assuming a unixoid system, that is.)

Jochen Bern

Binect GmbH
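
As an added example (not part of the original message and not OpenSSH code): a wrapper that emits the emergency keys and bounds the lookup with timeout(1), so a hung backend cannot stall a login indefinitely. The paths, the 5-second limit, the `akc-wrapper` name and the choice to return 0 whenever the emergency keys were emitted are assumptions of this example.

```sh
#!/bin/sh
# Added example: AuthorizedKeysCommand wrapper with a bounded lookup.
# All defaults below are assumptions or placeholders, not values from the thread.
LOOKUP_CMD=${LOOKUP_CMD:-/the/original/AuthorizedKeysCommand}
EMERGENCY_FILE=${EMERGENCY_FILE:-/path/to/emergency_authorized_keys}
LOOKUP_TIMEOUT=${LOOKUP_TIMEOUT:-5}   # seconds

log() {
    # Use syslog when available, otherwise fall back to stderr.
    logger -t akc-wrapper "$1" 2>/dev/null || echo "akc-wrapper: $1" >&2
}

# emit_keys ARGS...: print candidate keys; ARGS are passed on to LOOKUP_CMD.
# Returns 0 if the emergency keys were emitted, 1 if that file was unusable.
emit_keys() {
    rc=0
    if [ -r "$EMERGENCY_FILE" ]; then
        cat "$EMERGENCY_FILE"
    else
        log "Emergency config $EMERGENCY_FILE is missing or unreadable!!"
        rc=1
    fi
    # timeout(1) ends a hung lookup after LOOKUP_TIMEOUT seconds (status 124).
    lookup_rc=0
    keys=$(timeout "$LOOKUP_TIMEOUT" "$LOOKUP_CMD" "$@") || lookup_rc=$?
    if [ "$lookup_rc" -eq 0 ]; then
        # Only forward output from a lookup that completed successfully.
        [ -z "$keys" ] || printf '%s\n' "$keys"
    else
        log "key lookup failed or timed out (status $lookup_rc)"
    fi
    return "$rc"
}

# Run only when installed under the assumed name "akc-wrapper".
case ${0##*/} in
    akc-wrapper) emit_keys "$@" ;;
esac
```

Output of a lookup that fails or times out is discarded here, so a partial answer from a broken backend is never offered to sshd.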
